[57] ABSTRACT

In authentication using a plurality of cipher keys, the authentication time is shortened. In the case that an encipher key to encipher key are required to take an access to each area out of the area to area in a memory of an IC card, a plurality of areas to have an access is informed to the IC card from a reader writer, a plurality of cipher keys corresponding to these areas (for example, cipher key 1, cipher key 2, and cipher key 4) is read out, and reduction processing section generates one reduction key from these cipher keys. A random number which is generated from a random number generation section of the reader writer is transferred to the IC card, and an encipherment section enciphers the random number using the reduction key. The reader writer receives the enciphered random number from the IC card, and deciphers it using the reduction key, and judges the IC card to be proper if the deciphered random number is equal to the generated random number.

SYSTEM AND METHOD FOR AUTHENTICATION, AND DEVICE AND METHOD FOR AUTHENTICATION

BACKGROUND OF THE INVENTION

This invention relates to a system and method for authentication and device and method for authentication, and particularly relates to a system and method for authentication and device and method for authentication which are capable of authenticating rapidly.

DESCRIPTION OF RELATED ART

FIG. 20 shows an exemplary structure of a conventional authentication system using an IC card. In this exemplary structure, authentication processing is performed between the IC card 102 and reader writer 101. In the IC card 102, the area for storing information is divided into 5 areas of area 1 to area 5. Respective areas correspond to different cipher key 1 to key 5. To take an access to area i, the corresponding cipher key i is required.

When the reader writer 101 records a data in, for example, area 1 of the IC card, or reads a data stored therein, first mutual authentication processing is performed. The reader writer 101 previously stores the same cipher key 1 to cipher key 5 as the cipher key 1 to cipher key 5 stored in the IC card 102. When the reader writer 101 takes an access to area 1 of the IC card 102, the reader writer 101 reads the cipher key 1 corresponding to the area 1 and performs an authentication processing using this key.

For example, the reader writer 101 generates a prescribed random number, and informs the random number and the number of 1 of the area to be addressed to the IC card 102. The IC card 102 reads the cipher key 1 corresponding to the informed number of 1, enciphers the random number using the cipher key 1. The enciphered random number is informed to the reader writer 101. The reader writer 101 deciphers the ciphered random number using the cipher key. If the random number informed to the IC card 102 coincides with the deciphered random number, the IC card 102 is judged to be proper.

Similarly, the IC card 102 generates a prescribed random number, and outputs it to the reader writer 101. The reader writer 101 enciphers the random number using the cipher key 1, and informs the enciphered random number to the IC card 102. The IC card 102 deciphers the enciphered random number using the cipher key 1. If the deciphered random number is coincident with the random number posted to the reader writer 101, the reader writer 101 is determined to be a proper reader writer.

The processing described above is performed on respective areas.

In the conventional system, it has been difficult to take an access to areas rapidly because mutual authentication processing is performed individually for each area. As the result, it has been difficult that a reader writer 101 makes an access to a prescribed area of the IC card 102 and then writes and reads information in a short time, for example, when a commuter passes a gate installed at a ticket gate.

The present invention was accomplished in view of such a problem, and it is the object of the present invention to shorten the time for authentication.

SUMMARY OF THE INVENTION

Embodiments of the present invention are described hereinafter. In the description, features of the present invention are described with a corresponding embodiment (one example) in parentheses after each means in order for clear understanding of mutual correspondence between respective means described in claims and embodiments described hereinafter. However, these descriptions by no means limits respective means to those described hereinafter.

An authentication system described in one embodiment comprises the first device and second device. The first device has first memory means (for example, a memory 11 shown in FIG. 1) for storing a plurality of keys, first generation means (for example, a reduction processing section 13 shown in FIG. 1) for generating one authentication key from the arbitrary number of keys out of the plurality of the keys stored in the first memory means, and first communication means (for example, a communication section […] shown in FIG. 1) for communicating with the second device. The second device has second memory means (for example, a memory 31 shown in FIG. 1) for storing a plurality of keys, second generation means (for example, a reduction processing section 32 shown in FIG. 1) for generating one authentication key from the arbitrary number of keys out of the plurality of the keys stored in the first memory means, and second communication means (for example, a communication section 33 shown in FIG. 1) for communicating with the first device. The one device (for example, an IC card 3 shown in FIG. 1) out of the first device and second device has encipherment means (for example, encipherment section 34 shown in FIG. 1) for enciphering using the authentication key, and the other device (for example, a controller 1 and reader writer 2 shown in FIG. 1) out of the first device and second device has decipherment means (for example, encipherment section 22 shown in FIG. 1) for deciphering data enciphered by the encipherment means using the authentication key.

In the above-mentioned authentication system, one authentication key is generated from a plurality of keys. Data are enciphered and deciphered using the one authentication key.

In the authentication system described in another embodiment, the one device out of the first device and second device additionally has notification means (for example, the step S6 shown in FIG. 7) for notifying information required to generate one corresponding authentication key from arbitrary number of keys out of the plurality of the keys stored therein to the other device. The other device out of the first device and second device generates the authentication key corresponding to the information informed from the notification means.

In the authentication system described in yet another embodiment, at least any one device of the first device and second device is provided with a random number generation means (for example, random number generation sections 23 and 35 in FIG. 1) for generating a random number, and the encipherment means enciphers a random number generated by the random number generation means, and the decipherment means deciphers the enciphered random number.

An authentication device described in still another embodiment has communication means (for example, a communication section 21 shown in FIG. 1) for communicating between the other device, memory means (for example, the memory 11 shown in FIG. 1) for storing a plurality of keys, generation means (for example, the reduction processing section 13 shown in FIG. 1) for generating one authentication key from the arbitrary number of keys out of the plurality of the keys stored in the memory means, notification means (for example, the communication section 12 shown in FIG. 1) for notifying information required to generate one corresponding authentication key from the arbitrary number of keys out of the plurality of the keys stored in the other device and data to be enciphered using the authentication key to the other device, and decipherment means (for example, the encipherment section 22 shown in FIG. 1) for deciphering, using the authentication key, the data enciphered by the other device using the authentication key.

In the above-mentioned authentication device, information required to generate one authentication key is informed to other device. Data enciphered using an authentication key generated by other device are deciphered using the authentication key.

An authentication device described in another embodiment has communication means (for example, the communication section 33 shown in FIG. 1) for communicating between the other device, a memory means (for example, the memory 31 shown in FIG. 1) for storing a plurality of keys, generation means (for example, the reduction processing section 32 shown in FIG. 1) for generating one authentication key from the arbitrary number of keys out of the plurality of the keys stored in the memory means based on information informed from the other device, and encipherment means (for example, the encipherment section 34 shown in FIG. 1) for enciphering the data informed from the other device using the authentication key.

In the above-mentioned authentication device, one authentication key is generated from a plurality of keys based on the information informed from the other device.

In an authentication system described in still another embodiment, the first device stores a key assigned to this device and has first memory means (for example, a memory 11 shown in FIG. 9) for storing a key assigned to this device and individual data generated using a prescribed common data and a prescribed number of keys held by the second device, first generation means (for example, a reduction processing section 13 shown in FIG. 9) for generating an authentication key from the key stored in the first memory means and the individual data, first notification means (for example, a control section 24 shown in FIG. 9) for notifying information required for the other device to generate the corresponding key, and a first communication means (for example, a communication section 21 shown in FIG. 9) for communicating between the second device. The second device is provided with a second memory means (for example, a memory 31 shown in FIG. 9) for storing a plurality of keys and the common data, a second generation means (for example, a reduction processing section 32 shown in FIG. 9) for generating the authentication key from a key corresponding to the information from the communication means of the first device out of the plurality of the keys stored in the second memory means and the common data, and a communication means (for example, a communication section 33 shown in FIG. 9) for communicating between the first device. The one device out of the first device and second device is provided with an encipherment means (for example, an encipherment section 22 shown in FIG. 9) for enciphering using the authentication key, and the other device out of the first device and second device is provided with a decipherment means (for example, an encipherment section 34 shown in FIG. 9) for deciphering the data enciphered by the encipherment means using the authentication key.

In the above-mentioned authentication system, a key assigned to this device and individual data are stored in the first device, and an authentication key is generated correspondingly to these key and data. In the second device, an authentication key is generated from the information received from the first device and common data.

In the authentication system described in yet another embodiment, an authentication key comprises a first authentication key and second authentication key. The first generation means generates the first authentication key from the key stored in the first memory means assigned thereto and the individual data, and generates the second authentication key using the key assigned thereto and the first authentication key. The second generation means generates the first authentication key from a key corresponding to the information from the notification means of the first device out of the plurality of the keys stored in the second memory means and the common data, and generates the second authentication key using the first authentication key and a key corresponding to the information from the notification means of the first device. Both the first device and second device are provided with the encipherment means and decipherment means respectively, the one device out of the first device and second device is provided additionally with a random number generation means (for example, the random number generation section 23 shown in FIG. 9) for generating a random number. An encipherment means of the one device out of the first device and second device enciphers the random number generated from the random number generation means of the one device out of the first device and second device using the first authentication key, a decipherment means of the other device out of the first device and second device deciphers the random number enciphered by the encipherment means of the one device out of the first device and second device using the first authentication key, an encipherment means of the other device out of the first device and second device enciphers the random number deciphered by the decipherment means of the other device out of the first device and second device using the second authentication key, and a decipherment means of the one device out of the first device and second device deciphers the random number enciphered by the encipherment means of the other device out of the first device and second device using the second authentication key.

In the authentication system described in another embodiment, the second device is provided additionally with the second decipherment means (for example, an encipherment section 34 shown in FIG. 18) for deciphering the first enciphered data and second enciphered data received from the first communication means of the first device using the first key corresponding to the key identification number, and a changing means (for example, a control section 36 shown in FIG. 18) for judging whether the second key and third key are in a prescribed relation and for changing the first key using the second key correspondingly to the judgement result.

An authentication device described in yet another embodiment is provided with a memory means (for example, the memory 11 shown in FIG. 19) for storing a key assigned to this device and storing individual data generated using a prescribed common data and a prescribed number of keys held by the other device, a generation means (for example, the reduction processing section 13 shown in FIG. 9) for generating an authentication key from the key stored in the memory means and the individual data, notification means (for example, the control section 24 shown in FIG. 9) for notifying information required for the other device to generate the corresponding authentication keys, a communication means (for example, the communication section 21 shown in FIG. 9) for communicating between the other device, and an encipherment means (for example, the encipherment section 22 shown in FIG. 9) for enciphering using the authentication key.

An authentication device described in still another embodiment is provided with a memory means (for example, the memory 31 shown in FIG. 9) for storing a plurality of keys and common data, a generation means (for example, the reduction processing section 13 shown in FIG. 9) for generating an authentication key from a key corresponding to the information from the other device out of the plurality of the keys stored in the memory means and the common data, a communication means (for example, the communication means 21 shown in FIG. 9) for communicating between the other device, and, a decipherment means (for example, the encipherment section 34 shown in FIG. 9) for deciphering the data enciphered by the other device using the authentication key.

In the above-mentioned authentication device, an authentication key is generated from a key corresponding to the information from the other device and common data.

In the authentication device described in another embodiment, the second decipherment means and changing means are additionally provided, when the first enciphered data which is generated by enciphering the second key using the first key and the second enciphered data which is generated by enciphering the third key having a prescribed relation to the second key using the first key are transmitted, together with the key identification number of the key to be changed, from the other device in order to change the first key out of the plurality of the keys stored in the memory means, the second decipherment means (for example, the encipherment section 34 shown in FIG. 18) deciphers the first enciphered data and second enciphered data using the first key corresponding to the key identification number of the key to be changed, and the changing means (for example, the control section 36 shown in FIG. 18) judges whether the deciphered second key and third key are in a prescribed relation and changes the first key using the second key correspondingly to the judgement result.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram for illustrating an exemplary structure of an authentication system of the present invention.

FIG. 2 is a diagram for illustrating an exemplary data structure of the memory 31 shown in FIG. 1.

FIGS. 3A and 3B are block diagrams for illustrating an exemplary structure of a reduction processing section 13 shown in FIG. 1.

FIG. 4 is a block diagram for illustrating an exemplary structure of a two-input reduction circuit shown in FIG. 3.

FIG. 5 is a block diagram for illustrating an exemplary structure of a two-input reduction circuit shown in FIG. 3.

FIG. 6 is a block diagram for illustrating an exemplary structure of a two-input reduction circuit shown in FIG. 3.

FIGS. 7A and 7B are timing charts for describing operations of the authentication system shown in FIG. 1.

FIGS. 8A and 8B are block diagrams for illustrating another exemplary structure of the reduction processing section 13 shown in FIG. 1.

FIG. 9 is a block diagram for illustrating an exemplary structure of an authentication system of a provider in the case that a reduction key is generated in the exemplary structure shown in FIG. 8.

FIG. 10 is a block diagram for illustrating an exemplary structure of an authentication system of the provider 2 in the case that a reduction key is generated in the exemplary structure shown in FIG. 8.

FIG. 11 is a block diagram for illustrating an exemplary structure of an authentication system of the provider 4 in the case that a reduction key is generated in the exemplary structure shown in FIG. 8.

FIG. 12 is a block diagram for illustrating generation of data to be stored in a memory 11 shown in FIG. 9.

FIG. 13 is a block diagram for illustrating generation of data to be stored in a memory 11 shown in FIG. 10.

FIG. 14 is a block diagram for illustrating generation of data to be stored in a memory 11 shown in FIG. 11.

FIGS. 15A and 15B are block diagrams for illustrating yet another exemplary structure of the reduction processing section 13 shown in FIG. 1.

FIG. 16 is a block diagram for illustrating an exemplary structure of an authentication system of the provider 4 in the case that a reduction key is generated by the method shown in FIG. […].

FIGS. 17A and 17B are timing charts for describing operations of the example shown in FIG. 16.

FIG. 18 is a diagram for describing operations for changing a key.

FIGS. 19A and 19B are block diagrams for illustrating another authentication processing.

FIG. 20 is a diagram for illustrating a structure of a conventional authentication system.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

FIG. 1 shows an exemplary structure of an authentication system of the present invention. The system comprises a controller 1, reader writer 2, and IC card 3. A user instead of a commutation ticket, for example, carries the IC card 3. The reader writer 2 is installed at a ticket gate of a railway company who employs the IC card 3. In this specification, the term "system" means a whole apparatus having a plurality of devices.

The controller 1 is provided with a memory 11, which stores cipher keys for access to areas of a memory 31 of the IC card 3, and corresponding provider numbers. A communication section 12 communicates between a communication section 21 of reader writer 2 by wire or radio transmission. A reduction processing section 13 reads a cipher key of a prescribed number out of a plurality of cipher keys stored in the memory 11, and generates one reduction key. A controller 14 controls operations of components in the controller 1, and performs authentication processing.

The communication section 21 of the reader writer 2 communicates between the communication section 12 of the controller 1 or a communication section 33 of the IC card 3. An encipherment section 22 enciphers a random number generated from a random number generation section 23, and deciphers an enciphered random number transmitted from the IC card 3. A control section 24 controls operations of components of the reader writer 2, and performs authentication processing.

The IC card 3 is provided with the memory 31. The memory 31 is divided into a plurality of areas (for example 5 areas in FIG. 1). Each provider (for example, Railway Company) takes an access to the corresponding area, and writes and reads data as desired. Each area corresponds to a
specific cipher key, and a corresponding cipher key i is required to take an access to a specified area i.

A reduction processing section 32 reduces a plurality of cipher keys, and generates one reduction key. An encipherment section 34 enciphers a random number generated by random number generation section 35, and deciphers the enciphered data supplied from the reader writer 2. A controller 36 controls operations of components of the IC card 3, and performs authentication processing.

FIG. 2 shows a detailed example of a data structure of the memory 31 of the IC card 3. In this example, the area 51 is assigned as a common area, in which data common to respective providers are stored. The area 52 is assigned as an area for exclusive use by respective providers, and only the provider corresponding to a specific area can make an access to this area.

In an area 53, information required to manage the area 51 and area 52 is recorded. The information comprises provider numbers assigned to respective providers, block assignment information for indicating the area which is assigned to the provider, permission information such as that only reading is possible, only writing is possible, or both reading and writing are possible, cipher key, and version of the cipher key.

For example, the provider number 00 is common to respective providers, and as the block assignment information, an address of the area 51, which is the common area, is written. As the permission information, information which is possible to take an access to the area 51, which is the common area, is specified. Further, as the version information of the cipher key, the cipher key required to take an access to the area 51, which is the common area, and the version thereof are specified.

An area 54 is assigned as a system ID block, and an ID of a system to which this IC card 3 is applied is written.

The provider number, permission information, cipher key version, and cipher key shown in FIG. 2 are stored in the memory 11 of the controller 1.

FIGS. 3A and 3B show an exemplary structure of the reduction processing section 13 (or reduction processing section 32). The processing is performed actually by software in many cases.

In the reduction processing section 13 or 32, in the case that n cipher keys are provided in the IC card 3, (n-1) circuits of two-input reduction circuits 81-1 to 81-(n-1) are provided, two data are inputted to each reduction circuit, and one data is outputted. In the two-input reduction circuit 81-1, a cipher key of the provider 1 (railway company 1) and a cipher key of the provider 2 (railway company 2) are inputted. The two-input reduction circuit 81-1 generates one reduction key from the two cipher keys, and supplies it to the subsequent two-input reduction circuit 81-2. The two-input reduction circuit 81-2 reduces the reduction key inputted from the two-input reduction circuit 81-1 and a cipher key of the provider 3 (railway company 3), and outputs it to the subsequent two-input reduction circuit 81-3 (not shown in the drawing). The same processing is performed in each two-input reduction circuit 81-i, and the reduction key generated from the final two-input reduction circuit 81-(n-1) is regarded as one final reduction key.

If n=1 (one cipher key is involved), the input cipher key is outputted, as it is, as a reduction key.

FIGS. 4 to 6 show exemplary structures of the two-input reduction circuit 81-i shown in FIG. 3. An encipherment circuit 81-i shown in FIG. 4 enciphers an input from the front end corresponding to a cipher key prepared previously, and outputs it to the rear end. For example, if the two-input reduction circuit 81-1 comprises the encipherment circuit 81-i, a cipher key of the provider 1 is inputted as a data, and a cipher key of the provider 2 is inputted as a cipher key. The cipher key (data) of the provider 1 is enciphered and outputted to the two-input reduction circuit 81-2.

An encipherment circuit 81-i shown in FIG. 5 receives the input from the front end, enciphers it, and outputs it to the rear end. For example, if the encipherment circuit 81-i is applied to the two-input reduction circuit 81-1, a cipher key of the provider 2 is inputted as a data, and a cipher key of the provider 1 is inputted as a cipher key. The cipher key of the provider 2 is enciphered using the cipher key of the provider 1, and outputted to the subsequent two-input reduction circuit 81-2 as a reduction key.

For example, DES (Data Encryption Standard) and FEAL (Fast Data Encipherment Algorithm) are used as an encipherment method shown in FIGS. 4 and 5.

In FIG. 6, the encipherment circuit 81-i comprises an exclusive OR circuit (XOR). For example, if the encipherment circuit 81-i is applied to the two-input reduction circuit 81-1 shown in FIG. 3, an exclusive OR of the cipher key of the provider 1 and the cipher key of the provider 2 is mathematically operated, and the mathematical operation result is outputted to the subsequent two-input reduction circuit 81-2 as a reduction key.

In FIG. 3, a cipher key of each provider is a digital data having 30 bytes. In this case, also a reduction key is a digital data having the same bytes.

Next, operations are described with reference to a timing chart shown in FIGS. 7A and 7B. The controller 1 and reader writer 2 are shown as separate devices in this embodiment, however, it is possible to use these devices as one combined device.

The controller section 14 of the controller 1 controls the communication section 12, and indicates polling with a sufficiently short period (period sufficient for detecting passage of users who pass through a ticket gate of a railway station having an IC card) for the reader writer 2 (step S1). Upon receiving the indication through the communication section 21, the control section 24 of the reader writer 2 controls the communication section 21 to perform polling to the IC card 3 (step S2). Upon receiving indication of polling from the communication section 21 of the reader writer 2 through the communication section 33, the control section 36 of the IC card 3 informs the existence of this control section 36 (step S3). Upon receiving this information from the IC card 3 through the communication section 21, the control section 24 of the reader writer 2 informs the existence of the IC card 3 to the controller 1 (step S4).

Upon receiving this information through the communication section 12, the control section 14 of the controller 1 controls the reduction processing section 13 (step S5). The reduction processing section 13 reads out the cipher key of an area to be addressed from the memory 11. In the example shown in FIG. 1, the cipher key 1, cipher key 2, and cipher key 4 are read out to the reduction processing section 13 to take access to the area 1, area 2, and area 4. The reduction processing section 13 reduces using these three cipher keys. As shown in FIG. 3, in the two-input reduction circuit 81-1, the cipher key 1 is enciphered using the cipher key 2, and outputted to the two-input reduction circuit 81-2. The two-input reduction circuit 81-2 enciphers the reduction key obtained by reducing the cipher key 1 and cipher key 2 supplied from the two-input reduction circuit 81-1 using the cipher key 3. The obtained reduction key is used as the final reduction key.
When one reduction key is generated as described herein above, the control section 14 informs it to reader writer 2 together with provider numbers (key number), number of providers (number of keys), and order of reduction processing (step S6). Upon receiving this information from the communication section 12 of the controller 1 through the communication section 21, the control section 24 of the reader writer 2 instructs the random number generation section 23 to generate a random number r1 (step S7). The controller 24 instructs the communication section 21 to inform the random number r1 to the IC card 3 (step S8). Then, the control section 24 informs also the number of providers and provider numbers supplied from the controller 1 to the IC card 3.

Upon receiving this information, the controller 36 of the IC card 3 performs first reduction key generation processing (step S9). In detail, the control section 36 reads the cipher key corresponding to the provider number (key number) transmitted from the reader writer 2 from the memory 31, and supplies it to the reduction processing section 32 to perform reduction processing. In the case shown in FIG. 1, because the provider numbers corresponding to the cipher key 1, cipher key 2, and cipher key 4 are transmitted, the cipher key 1, cipher key 2, and cipher key 4 corresponding to these provider numbers respectively are read out from the memory 31, and supplied to the reduction processing section 32. The reduction processing section 32 reduces these three reduction keys in a specified order (for example, in order of input of the providers), and finally generates one reduction key. As the result, the same reduction key as the reduction key generated by the controller 1 in the step S5 is generated in the IC card 3.

Next, the control section 36 outputs the random number
r1 informed from the reader writer 2 and the reduction key
generated from the reduction processing section 32 to the
encipherment section 34, and the encipherment section 34
enciphers the random number r1 using the reduction key
(step S10) to generate an enciphered random number R1.

The control section 36 generates a prescribed random
number r2 in the random number generation section 35 (step
S11). The control section 36 controls the communication
section 33 to transfer the enciphered random number R1 and
random number r2 generated in the step S11 to the reader
writer 2 (step S12).

Upon receiving the random number r2 and the
enciphered random number R1, the control section 24 of the
reader writer 2 controls the encipherment section 22 to
decipher the enciphered random number R1 using the
reduction key received from the controller 1 (step S13). The
controller 24 checks whether the random number obtained
by deciphering is equal to the random number r1 generated
in the step S7, and if the result is NO, then the IC card 3 is
judged to be an improper IC card, and the control section 24
reports the judgement to the controller 1 in the step S14.
Then, the controller 1 performs error processing (for
example, preventing the user from passing the ticket gate).

On the other hand, if the deciphered random number is
equal to the random number r1 in the step S13, then the
control section 24 controls the encipherment section 22 to
encipher the random number r2 supplied from the IC card 3
using the reduction key supplied from the controller 1, and
an enciphered random number R2 is generated (step S15).
Further, the control section 24 transfers the enciphered
random number R2 generated as described above to
the IC card 3 (step S16).

Upon receiving supply of the enciphered random number
R2 as described above, the control section 36 of the
IC card 3 controls the encipherment section 34 to decipher
the enciphered random number R2 using the reduction key
generated in the step S9 (step S17). Whether the deciphered
random number is equal to the random number r2 generated
in the step S11 is judged. The judgement result is transferred
to the reader writer 2 through the communication section 33
(step S18).

Upon receiving information of authentication result from
the IC card 3, the control section 24 of the reader writer 2
informs this result to the controller 1 from the
communication section 21 (step S19).

Upon receiving this information through the
communication section 12, the controller 14 of the controller 1
performs error processing if the information indicates NG. On the
other hand, if the information indicates OK (the IC card is
judged to be a proper IC card), the control section 14 of the
controller 1 outputs a necessary command such as read
or write to the reader writer 2 (step S20). Upon receiving
the command, the reader writer 2 outputs a read
or write command to the IC card 3 (step S21). In this case,
read or write of the area 1, area 2, and area 4 of the IC card
3 is instructed as described above.

As the result, if write in the area 1, area 2, or area 4 is
instructed, then the control section 36 of the IC card 3
performs write processing. If read is instructed, the control
section 36 of the IC card 3 performs read processing. The
read data is transferred from the IC card 3 to the reader
writer 2 (step S22), and transferred from the reader writer 2
to the controller 1 (step S23).

As described above, when a plurality of areas
are to be accessed, the cipher keys required for the
individual areas are not authenticated one by one. (For
example, in the case shown in FIG. 1, authentication
processing is not performed individually on the cipher key 1,
cipher key 2, and cipher key 4; in other words, it is not
performed three times.) Instead, one reduction key is generated
from a plurality of cipher keys, and authentication processing is
performed only once using this one reduction key; as a
result, it is possible to perform authentication processing
rapidly.

The number of bytes (length) of a reduction key is equal
to that of a cipher key in this example; however, it is possible
to use a different number of bytes. Because a reduction key is
used only for authentication, it is not necessary to restore a
reduction key to a plurality of original cipher keys.

FIG. 8 shows another method for generating a reduction
key. In this example, cipher keys K1 to Kn are assigned to
respective providers 1 to n, and secret data D0 (not
necessarily secret because this data is common for the respective
providers) which is held in advance is inputted to the
first two-input reduction circuit 81-1, and the two-input
reduction circuit 81-1 enciphers the data D0 based on the cipher
key K1 of the provider 1. Next, the two-input reduction circuit
81-2 enciphers the output D1 from the two-input reduction
circuit 81-1 based on the cipher key K2 of the provider 2.
Then, the same processing is performed successively by the
two-input reduction circuit 81-i, and the output from the final
two-input reduction circuit 81-n is the final reduction key.

When a reduction key is generated as shown in FIG. 3, the
provider 2 cannot generate a reduction key unless the
provider 2 knows the cipher key of the provider 1. Because
the respective providers are basically independent, it is not
preferable for security that the cipher key of a certain
provider is disclosed to other providers.

On the other hand, the method for generating a reduction
key as shown in FIG. 8 is preferable because a provider can
generate a reduction key without being informed of the cipher
key of another provider.

FIGS. 9 to 11 show exemplary structures of a controller
1, reader writer 2, and IC card 3 of the provider 1, provider
2, and provider 4 for the case that a reduction key is
generated by the method as shown in FIG. 8.

As shown in these drawings, a prescribed data (common
data) D0 is stored previously in the memory 31 in addition
to the cipher key K1 to cipher key K5 corresponding to the
area 1 to area 5 respectively.

The cipher key K1 of this provider 1 and data D024 are
stored in the memory 11 of the provider 1 (FIG. 9), the
cipher key K1 of this provider 2 and data D014 are stored in
the memory 11 of the provider 2 (FIG. 10), and the cipher
key K4 of this provider 4 and data D012 are stored in the
memory 11 of the provider 4 (FIG. 11).

These data (individual data) D024, D014, and D012 are 
generated by methods shown in FIGS. 12 to 14. 

In FIG. 12, the provider 1 asks the provider 2 to reduce the
predetermined data D0 using the cipher key K2 in the
two-input reduction circuit 81-1 to generate data D02. Then,
the provider 1 provides the data D02 to the provider 4, the
provider 4 then reduces using the cipher key K4 in the
two-input reduction circuit 81-2 to generate data D024. The
provider 1 receives supply of the data D024 from the
provider 4, and stores it in the memory 11.

In this case, it may be possible that the data D0 is provided
first to the provider 4, the provider 4 reduces it using the
cipher key K4 to generate data D04, and then the data D04
is provided to the provider 2, the provider 2 reduces it using
the cipher key K2 to generate data D042, and the data D042
is stored in the memory 11. The provider 1 stores the order
of reduction, which indicates in what order the reduction
is performed.

As shown in FIG. 13, the provider 2 asks the provider 1
to generate data D01 by reducing data D0
using the cipher key K1. The provider 2 provides the data
D01 to the provider 4, and asks the provider 4 to generate
data D014 by reducing the data D01 using the cipher key K4.
The data D014 is stored in the memory 11. Like the
preceding case, it may be possible that the provider 2 asks
the provider 4 for reduction processing first, and then
provides the data D04 generated using the cipher key K4 to the
provider 1, the provider 1 reduces it using the cipher key K1
to generate data D041, and the provider 2 obtains the data D041
and stores it in the memory 11. The provider 2 also stores the
order of reduction in the memory 11.

Further, as shown in FIG. 14, the provider 4 asks the
provider 1 to reduce the data D0 using the cipher key
K1, and the provider 1 generates data D01. The data D01 is
provided to the provider 2, the provider 2 reduces it using the
cipher key K2 to generate data D012. The provider 4 stores
the data D012 in the memory 11. Like the preceding cases,
it may be possible that the provider 4 asks the provider 2
for reduction processing first to reduce the data D0 using
the cipher key K2, data D02 is generated, and the provider 1
reduces the data D02 using the cipher key K1 to generate
data D021. The provider 4 also stores the order of reduction
in the memory 11.

The respective providers can perform authentication
processing as described below. For example, in the provider 1,
the control section 14 controls the reduction processing
section 13 as shown in FIG. 9, reads the data D024 and
cipher key K1 from the memory 11 to generate a reduction
key. The reduction key is transferred to the reader writer 2.
Then, the number of providers (in this example, the number
is three), provider numbers (in this example, provider 1,
provider 2, and provider 4), and order of reduction (in this
example, in the order of the provider 2, provider 4, and
provider 1) are sent to the reader writer 2. The control
section 24 controls the communication section 21, and
sends the number of providers, provider numbers, and
order of reduction transferred from the control section 14 of
the controller 1 to the IC card 3.

In the IC card 3, when the communication section 33
receives this information, the control section 36 controls
the reduction processing section 32 corresponding to this
information. The reduction processing section 32 reads the
data D0 from the memory 31, reduces the data D0
successively using a specified order and the cipher key of a
specified provider number to generate a reduction key. In
detail, the data D0 is reduced using the cipher key K2, and
a reduction key is generated. The reduction key generated as
described above is the same reduction key as generated
by the reduction processing section 13 of the controller
1.

Accordingly, authentication processing is performed by
performing processing following the step S10 as in the case
described with reference to FIG. 7. The reader writer 2 of the
provider 1 can take an access to the area 1, area 2, and area
4 of the memory 31 of the IC card 3.

On the other hand, in the provider 2, as shown in FIG. 10,
the control section 14 controls the reduction processing
section 13 to read the data D014 from the memory 11, and
to reduce it using the cipher key K2, also read from
the memory 11. The generated reduction key is transferred
to the reader writer 2. Then, the number of providers (in this
example, the number is three), provider numbers (in this
example, provider 1, provider 2, and provider 4), and order
of reduction (in this example, in the order of the provider 1,
provider 4, and provider 2) are sent to the reader writer
2.

The reader writer 2 transfers this information to the IC 
card 3. In the IC card 3, a reduction key is generated 
corresponding to this information. 

In detail, the reduction processing section 32 of the IC 
card 3 reads the data D0 from the memory 31, reduces it first
using the cipher key K1 to obtain data D01. The data D01
is then reduced using the cipher key K4 and data D014 is 
generated. The data D014 is reduced using the cipher key 
K2. The reduction key generated as described herein above 
is the same reduction key as generated by the controller 1. 
Therefore the reader writer 2 of the provider 2 can make an 
access to the area 1, area 2, and area 4 of the memory 31 of 
the IC card 3. 

Further, as shown in FIG. 11, in the provider 4, the control
section 14 of the controller 1 controls the reduction
processing section 13 to reduce the data D012 stored in the
memory 11 using the cipher key K4 and to generate a
reduction key, and transfers it to the reader writer 2. Then,
the number of providers (in this example, the number is
three), provider numbers (in this example, provider 1,
provider 2, and provider 4), and order of reduction (in this
example, in the order of the provider 1, provider 2, and
provider 4) are sent. This information is transferred to
the IC card 3. The IC card 3 performs reduction processing
based on this information.

In detail, the reduction processing section 32 reads the
data D0 from the memory 31, and generates data D01 using
the cipher key K1. The data D01 is then reduced using the
cipher key K2, and data D012 is generated. The data D012
is reduced using the cipher key K4, and the final reduction
key is generated. The reduction key generated as described
herein above is the same reduction key as generated by the
controller 1. Therefore the reader writer 2 can make an
access to the area 1, area 2, and area 4 of the memory 31 of
the IC card 3.

FIG. 15 shows yet another method for reduction key
generation. In this method, data Dn-1 inputted to the
two-input reduction circuit 81-n which generates the final
reduction key and an ID number held previously by the IC card
are mathematically operated, the mathematical operation
result is subjected to processing using the cipher key Kn, and
a reduction key is generated. Other processes are performed
as shown in FIG. 8.

FIG. 16 shows an exemplary structure of a controller 1,
reader writer 2, and IC card 3 for generating a reduction key
according to the method shown in FIG. 15. This figure
shows the structure of the provider 4. As shown in this
drawing, the memory 11 of the controller 1 stores the data
D012, the cipher key K4, and the reduction order. The reader
writer 2 is provided with an ID acquisition section 211 for
acquiring an ID from the data received by the
communication section 21. The IC card 3 stores previously an ID
number specific to the IC card 3 in the memory 201 (the
memory 201 may be the same memory as the memory 31).

By performing authentication processing in this way
using ID number, confusion which may happen when a
plurality of users having IC cards containing the same
provider combination (for example, combination of the
provider 1, provider 2, and provider 4) passed adjacently
together a ticket gate of a certain provider can be avoided.

In detail, when a plurality of IC cards 3 passes near the
reader writer 2 of a certain provider, the plurality of IC cards
3 respond respectively to the request from the reader writer
2, the reader writer 2 cannot judge, that this response is a
response from which IC card, and erroneous processing is
performed. However, by using the ID number, such
confusion can be avoided.

For example, as shown in FIG. 17, when an IC card 3A
and IC card 3B are passing near the reader writer 2, the
reader writer 2 requests an ID to the IC card 3 (step S41).
Not only a communication section 33 of the IC card 3A but
also a communication section 33 of the IC card 3B receive
the request. Upon receiving an ID request signal as
described herein above, the control section 36 of the IC card
3A controls the random number generation section 35 to
generate a certain random number (step S42). The control
section 36 of the IC card 3A performs assignment processing
of time slot corresponding to the generated random number
(step S43). In detail, communication between the reader
writer 2 and IC card 3 is performed by time-division
multiplex operation, and the IC card 3A assigns a time slot
corresponding to the generated random number out of a
plurality of time slots as the time slot for communication of
this IC card 3A. At the timing of the assigned time slot, the
control section 36 of the IC card 3A transmits an ID number
(IDA) read out from the memory 201 to the reader writer 2
through the communication section 33 (step S44).

The same processing is performed in the other IC card 3B.
In detail, upon receiving an ID request signal from the reader
writer 2, the control section 36 of the IC card 3B controls the
random number generation section 35 to generate a random
number (step S45). The control section 36 of the IC card 3B
assigns the time slot corresponding to the generated random
number as the time slot of this IC card 3B (step S46). An ID
number (IDB) stored in the memory 201 is read out, and
transferred to the reader writer 2 at the timing corresponding
to the assigned time slot (step S47).

When the communication section 21 receives the ID
number transmitted from the IC cards 3A and 3B, the reader
writer 2 supplies it to the ID acquirement section 211 for
storage. The control section 24 controls the random number
generation section 23 to generate a random number r1 (step
S48). Further, the control section 24 selects the ID which is
acquired, for example, first out of acquired ID's (step S48).
The control section receives supply of data D012, cipher key
K4 and reduction order, and generates a reduction key
corresponding to this information.

First, the control section 24 performs a prescribed
mathematical operation on the selected ID (for example, IDA of
the IC card 3A) and data D012. The mathematical operation
may be addition or mathematical operation of exclusive
OR. The control section 24 reduces the mathematical
operation result using cipher key K4 to generate a reduction
key.

Further, the number of providers, provider numbers,
reduction order, and random number r1 are transmitted to the
IC card 3 (step S50). The information is received by both the
IC card 3A and IC card 3B. Upon receiving the information,
the IC card 3B reduces the data D0 using the cipher key K1
according to the specified order and obtains data D01, the data
D01 is reduced using the cipher key K2 and data D012 is
obtained (step S51). The IDB is read out from the memory
201, and the result obtained by mathematical operation of
the IDB and data D012 is reduced using the cipher key K4.

The encipherment section 34 deciphers the enciphered
random number r1 using the reduction key generated as
described above. However, because the random number r1
was enciphered using the reduction key generated using the
IDA, the random number r1 cannot be deciphered using the
reduction key generated using the IDB. Therefore the IC
card 3B does not respond to transmission from the reader
writer 2 hereafter.

On the other hand, in the IC card 3A, the control section
36 generates a reduction key corresponding to the
information transmitted from the reader writer 2 (step S52). In detail,
the reduction processing section 32 of the IC card 3A
reduces data D0 read out from the memory 31 first using the
cipher key K1 read out from the area 1 according to the
specified reduction order to generate data D01. The data D01
is reduced using the cipher key K2 read out from the area 2,
and data D012 is generated. The data D012 and ID number
(IDA) read out from the memory 210 are subjected together
to the prescribed mathematical operation, and the
mathematical operation result is reduced using the cipher key K4
read out from the area 4 to generate a reduction key. The
reduction key generated as described above is the same
reduction key as generated by the reader writer 2 in the step
S49.

Accordingly, by performing the processing of the step S53
to step S59 which are corresponding to the step S10 to step
S17 in FIG. 7 hereafter, authentication processing is
performed. The processing is the same processing as described
with reference to FIG. 7, and the description is omitted.

FIG. 18 shows a method for changing a cipher key. For
example, when the provider 1 wants to change the cipher
key K1, a prescribed random number e1 is generated, and
used as a new key K1'. When the cipher key of the provider
itself is changed as described above, the provider 1 can
change desirably by itself the cipher key K1 stored in the
area 1 of the memory 31 of the IC card 3 of the user who uses
the reader writer 2 of the provider 1. However, it is required
that the cipher key K1 of the IC card 3 of a user who uses
the reader writer 2 of other provider 2 or provider 4 must be
changed. In this case, the provider 1 can change the cipher
key K1 to the new cipher key K1' without notifying the new
cipher key K1' to other provider 2 or provider 4.

In this case, the provider 1 first generates data C1 and C2 by
mathematical operation of the following equations:

C1 = E(e1, K1)
C2 = E(e2, K1)

Herein, E(A, B) means encipherment of the data A using
the key B. A method of encipherment such as DES or FEAL
may be used.

e2 is a value which satisfies the following equation:

e1 + e2 = F

The value F is a predetermined value which the other
provider 2 and provider 4 also know as the value
to be used when they change their cipher keys, and it is
previously stored in the memory 31 of the IC card 3.

When the provider 1 generates the data C1 and C2 as
described above, the provider 1 sends these values to the other
providers together with the key number (in this case, the key
number 1) assigned to the cipher key K1 of the provider 1.
Each provider uses these data to change the key
K1 in the memory 31 of the IC card 3 which uses its reader
writer 2, in the way described below. This change
processing is described below with an example for the
provider 4.

In detail, the reader writer 2 of the provider 4 transmits the
data C1 and C2 to the IC card 3. The encipherment section
34 of the IC card 3 calculates e1 and e2 by performing
mathematical operation of the following equations:

e1 = D(C1, K1)
e2 = D(C2, K1)

Herein, D(A, B) means decipherment of the data A using
the key B.

Accordingly, the IC card 3 can obtain the data e1 and e2
by deciphering the data C1 and C2 using the key K1 stored
in the memory 31.

The control section 36 adds e1 and e2 obtained as
described above, and judges whether the addition result is
equal to the prescribed value F stored previously in the
memory 31. If the result is YES, then the data e1 obtained by
deciphering the data C1 is registered as a new key K1' which
will be used instead of the key K1.

On the other hand, if the sum of e1 and e2 is not equal to
F, change processing is not performed because the change
request is regarded as improper.

For example, if a malicious provider wants to alter the
cipher key K1 of the provider 1, the following equations are
mathematically operated to obtain e1' and e2':

e1' = D(C1', K1)
e2' = D(C2', K1)

C1' and C2' are values which the malicious provider sets
as it sees fit.

However, if e1' and e2' generated as described
above are added, the addition result is generally not equal to
the value F. It takes a long time to find a combination of e1'
and e2' whose sum is equal to F, and doing so is
very difficult in practice. Therefore the alteration of a
cipher key by a third party is prevented.

The provider 2 also performs the same processing to
change the cipher key K1 in the memory 31 of the IC card
which uses the reader writer 2 of the provider 2.
When the cipher key K1 of the provider 1 is changed as
described herein above, the provider 1, provider 2, and
provider 4 perform again the same processing as described
with reference to FIGS. 12 to 14 to change data D024, D014,
and D012 to be stored respectively.
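
The reduction-key authentication of FIGS. 7, 8 and 14 and the key change of FIG. 18, worked through as an added example that is not part of the patent text. The 8-round Feistel cipher stands in for DES or FEAL, the addition e1 + e2 = F is assumed to be modulo 2^64, and every function name and key value is constructed for illustration.

```python
import hashlib
import secrets

BLOCK = 8      # 64-bit blocks, the block size of DES and FEAL
MOD = 1 << 64  # assumption: "e1 + e2 = F" is addition modulo 2**64


def _f(key, rnd, half):
    """Round function of the stand-in cipher (not DES, not FEAL)."""
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def E(data, key):
    """E(A, B): encipher the 8-byte block A using the key B."""
    left, right = data[:4], data[4:]
    for rnd in range(8):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right


def D(data, key):
    """D(A, B): decipher the 8-byte block A using the key B."""
    left, right = data[:4], data[4:]
    for rnd in reversed(range(8)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right


def reduce_chain(data, keys):
    """FIG. 8: pass the data through one two-input reduction circuit per key."""
    for key in keys:
        data = E(data, key)
    return data


class Card:
    """IC card 3: holds every cipher key, the common data D0 and the value F."""
    def __init__(self, keys, d0, f):
        self.keys, self.d0, self.f = dict(keys), d0, f

    def respond(self, order, r1):
        """Steps S9 to S12: derive the reduction key, return (R1, r2)."""
        self.ks = reduce_chain(self.d0, [self.keys[n] for n in order])
        self.r2 = secrets.token_bytes(BLOCK)
        return E(r1, self.ks), self.r2

    def verify_reader(self, big_r2):
        """Step S17: the reader is proper only if R2 deciphers to r2."""
        return secrets.compare_digest(D(big_r2, self.ks), self.r2)

    def change_key(self, number, c1, c2):
        """FIG. 18: register e1 as the new key only if e1 + e2 equals F."""
        e1, e2 = D(c1, self.keys[number]), D(c2, self.keys[number])
        total = int.from_bytes(e1, "big") + int.from_bytes(e2, "big")
        if total % MOD != self.f:
            return False  # improper change request, key left untouched
        self.keys[number] = e1
        return True


def mutual_auth(reader_key, order, card):
    """FIG. 7 from the reader writer's side, using one reduction key."""
    r1 = secrets.token_bytes(BLOCK)                            # S7
    big_r1, r2 = card.respond(order, r1)                       # S8 to S12
    if not secrets.compare_digest(D(big_r1, reader_key), r1):  # S13
        return False                                           # improper card
    return card.verify_reader(E(r2, reader_key))               # S15 to S17


def key_change_message(old_key, f):
    """Key owner: pick e1, set e2 = F - e1, encipher both under the old key."""
    e1 = secrets.token_bytes(BLOCK)
    e2 = ((f - int.from_bytes(e1, "big")) % MOD).to_bytes(BLOCK, "big")
    return e1, E(e1, old_key), E(e2, old_key)


def demo():
    # Constructed sample values; none of them come from the patent.
    k = {n: hashlib.sha256(b"provider-%d" % n).digest()[:BLOCK] for n in range(1, 6)}
    d0, f = b"COMMON00", 0x0123456789ABCDEF
    card, order = Card(k, d0, f), (1, 2, 4)
    # FIG. 14: providers 1 and 2 reduce D0 in turn; provider 4 only adds K4.
    d012 = E(E(d0, k[1]), k[2])
    ks = E(d012, k[4])
    same_key = ks == reduce_chain(d0, [k[n] for n in order])
    proper = mutual_auth(ks, order, card)
    improper = mutual_auth(E(d012, k[5]), order, card)  # wrong final key
    # FIG. 18: provider 1 replaces K1; other providers only relay C1 and C2.
    new_k1, c1, c2 = key_change_message(k[1], f)
    forged = card.change_key(1, b"\x00" * BLOCK, b"\xff" * BLOCK)
    changed = card.change_key(1, c1, c2)
    stale = mutual_auth(ks, order, card)                # old D012 no longer fits
    fresh = mutual_auth(E(E(E(d0, new_k1), k[2]), k[4]), order, card)
    return same_key, proper, improper, forged, changed, stale, fresh
```

`demo()` returns one flag per stage; the `stale` result shows why the providers must regenerate D024, D014 and D012 after a key change.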

FIG. 19 shows another method of authentication process- 
ing. A reader writer 2 shown in FIG. 2 represents the reader 
writer of the provider 4. 

In this example, the control section 24 generates a
reduction key Ks using the cipher key K4 and data D012 stored
in the memory 11. The control section 24, for example,
synthesizes an even number bit and odd number bit of the
cipher key K4 to generate the first reduction key K4s1, and
synthesizes an odd number bit and even number bit of the
cipher key K4 to generate the second reduction key K4s2.

The first reduction key K4s1 is inputted to the
encipherment section 22A of the encipherment section 22, and is
used to encipher a random number generated by the random
number generation section 23. The enciphered random
number is transmitted to the IC card 3. Then, as in the case
described above, information required to generate a
reduction key is transmitted simultaneously to the IC card 3.

The IC card 3 reads out the data D0 from the memory 31
using this information, and generates a reduction key Ks by
applying cipher keys K1, K2, and K4 successively. The
reduction key Ks has the same value as the reduction key Ks
generated by the reader writer 2.

The control section 36 generates the first reduction key
K4s1 and second reduction key K4s2 by performing the
same processing as the reader writer 2.

The decipherment section 34B of the encipherment sec- 
tion 34 deciphers the enciphered random number transmitted 
from the reader writer 2, and transmits the deciphered 
random number to the encipherment section 34A. The 
encipherment section 34A enciphers it using the second 
reduction key K4s2 and transmits it to the reader writer 2. 

The decipherment section 22B of the encipherment sec- 
tion 22 in the reader writer 2 deciphers the enciphered 
random number transmitted from the IC card 3. The deci- 
phered result is transmitted to the control section 24. 

The random number deciphered as described above is 
equal to the same random number as generated by the 
random number generation section 23 if the IC card is 
proper. Accordingly, by judging whether the received ran- 
dom number is equal to the generated random number, 
authentication processing is performed. 

What is claimed is: 

1. An authentication system for performing authentication 
processing between a first device and a second device, said 
first device comprising: 

first memory means for storing a plurality of data areas 
and a first plurality of keys, wherein each of said first 
plurality of keys indicates access to a corresponding 
one of said plurality of data areas; 
first generation means for generating a first single authen- 
tication key from two or more of the first plurality of 
keys stored in said first memory means, wherein said 
first single authentication key indicates access to two or 
more corresponding of said plurality of data areas; and 
first communication means for communicating said first 
single authentication key with said second device, and 
said second device comprising: 

second memory means for storing a second plurality of
keys equivalent to said first plurality of keys;
second generation means for generating a second single 
authentication key from two or more of the second 
plurality of keys stored in said second memory 
means; and 
second communication means for communicating said
second single authentication key with said first 
device, 

wherein one of said first device and said second device 
further comprises encipherment means for encipher- 
ing information using a corresponding one of said 
first single authentication key and said second single 
authentication key, and 

wherein another of said first device and said second 
device further comprises decipherment means for 
deciphering said information enciphered by said 
encipherment means using another corresponding 
one of said first single authentication key and said 
second single authentication key. 

2. An authentication system according to claim 1, 
wherein: 

said one of said first device and said second device further 
comprises notification means for notifying, to said 
another of said first device and said second device, 
information required to generate said corresponding 
one of said first single authentication key and said 
second single authentication key, and 

said another of said first device and said second device 
generates said another corresponding one of said first 
single authentication key and said second single 
authentication key corresponding to the information 
notified by said notification means. 

3. An authentication system according to claim 1, 
wherein: 

at least one of said first device and said second device
further comprises a random number generation means
for generating a random number,
said encipherment means enciphers said random number
generated by said random number generation means,
and
said decipherment means deciphers said random number
enciphered by said encipherment means.

4. An authentication method for performing authentica- 
tion processing between a first device and a second device, 
the method in said first device comprising: 

a first memory step of storing a plurality of data areas and 
a first plurality of keys, wherein each of said first 
plurality of keys indicates access to a corresponding 
one of said plurality of data areas; 
a first generation step of generating a first single authen- 
tication key from two or more of the first plurality of 
keys stored in said first memory step, wherein said first 
single authentication key indicates access to two or 
more corresponding of said plurality of data areas; and 
a first communication step of communicating said first 
single authentication key with said second device, and 
the method in said second device comprising: 
a second memory step of storing a second plurality of
keys equivalent to said first plurality of keys;
second generation step of generating a second single 
authentication key from two or more of the second 
plurality of keys stored in said second memory step; 
and 

a second communication step of communicating said 
second single authentication key with said first 
device, 

wherein one of said first device and said second device 
further performs processing in an encipherment step 
of enciphering information using a corresponding 
one of said first single authentication key and said 
second single authentication key, and 
wherein another of said first device and said second
device further performs processing in a decipher- 
ment step of deciphering said information enci- 
phered in said encipherment step using another cor- 
responding one of said first single authentication key 
and said second single authentication key. 

5. An authentication device for performing authentication 
processing with another device, said authentication device 
comprising: 

communication means for communicating a first single 
authentication key with said another device; 

memory means for storing a first plurality of keys; 

generation means for generating said first single authen- 
tication key from two or more of said first plurality of 
keys stored in said memory means; 

notification means for notifying, to said another device, 
information required to generate a second single 
authentication key from two or more of a second 
plurality of keys stored in said another device and data 
to be enciphered using said second single authentica- 
tion key, wherein said second plurality of keys is 
equivalent to said first plurality of keys; and 

decipherment means for decoding the enciphered data 
using said first single authentication key. 

6. An authentication device according to claim 5, wherein 
said notification means notifies a random number as said 
data to be enciphered. 

7. An authentication method for performing authentica- 
tion processing between an authentication device and 
another device, comprising: 

a communication step of communicating a first single 
authentication key with said another device; 

a memory step of storing a first plurality of keys; 

a generation step of generating said first single authenti- 
cation key from two or more of said first plurality of 
keys stored in said memory step; 

a notification step of notifying, to said another device, 
information required to generate a second single 
authentication key from two or more of a second 
plurality of keys stored in said another device and data 
to be enciphered using said second single authentica- 
tion key, wherein said second plurality of keys is 
equivalent to said first plurality of keys; and 

a decipherment step of deciphering the enciphered data 
using said first single authentication key. 

8. An authentication device for performing authentication 
processing with another device, said authentication device 
comprising: 

communication means for communicating a single 
authentication key with said another device; 

memory means for storing a plurality of data areas and a 
plurality of keys, wherein each of said plurality of keys 
indicates access to a corresponding one of said plurality 
of data areas; 

generation means for generating said single authentica- 
tion key from two or more of the plurality of keys 
stored in said memory means based on information 
notified by said another device, wherein said single 
authentication key indicates access to two or more 
corresponding of said plurality of data areas; and 

an encipherment means for enciphering the information 
notified by said another device using said single 
authentication key. 

9. An authentication method for performing authentica- 
tion processing between an authentication device and 
another device, comprising: 
a communication step of communicating a single authentication 
key with said another device; 

a memory step of storing a plurality of data areas and a 
plurality of keys, wherein each of said plurality of keys 
indicates access to a corresponding one of said plurality 
of data areas; 

a generation step of generating said single authentication 
key from two or more of the plurality of keys stored in 
said memory step based on information notified by said 
another device, wherein said single authentication key 
indicates access to two or more corresponding of said 
plurality of data areas; and 

an encipherment step of enciphering the information 
notified by said another device using said single 
authentication key. 

10. An authentication system for performing authentica- 
tion processing between a first device and a second device, 
said first device comprising: 

first memory means for storing a first authentication key, 
a first common data and a first plurality of keys, 
wherein each of said first plurality of keys corresponds 
to said first common data combined with a respective 
one of a second plurality of keys; 
first generation means for generating a first single authen- 
tication key from said first authentication key and a 
corresponding one of said first plurality of keys; 
first notification means for notifying information required 
for said second device to generate a second single 
authentication key corresponding to said first single 
authentication key; and 
first communication means for communicating said first 
single authentication key with said second device, and 
said second device comprising: 

second memory means for storing a plurality of data 
areas, said second plurality of keys and a second 
common data equivalent to said first common data, 
wherein each of said second plurality of keys indi- 
cates access to a corresponding one of said plurality 
of data areas; 

second generation means for generating said second 
single authentication key from the notified information, 
two or more of said second plurality of keys, and said 
common data; and 

second communication means for communicating said 
second single authentication key with said first 
device; and 

wherein one of said first device and said second device 
further comprises encipherment means for encipher- 
ing data using a corresponding one of said first single 
authentication key and said second single authenti- 
cation key, and 

wherein another of said first device and said second 
device further comprises decipherment means for 
deciphering the data enciphered by said encipher- 
ment means using another corresponding one of said 
first single authentication key and said second single 
authentication key. 

11. An authentication system according to claim 10, 
wherein: 

said another of said first device and said second device 
further comprises second encipherment means for enci- 
phering second data using said another corresponding 
one of said first single authentication key and said 
second single authentication key; 

said one of said first device and said second device further 
comprises second decipherment means for deciphering 
the enciphered second data using said corresponding 
one of said first single authentication key and said 
second single authentication key; 

said first device further comprises random number generation 
means for generating a random number; 

said encipherment means enciphers said random number 
using said corresponding one of said first single authen- 
tication key and said second single authentication key; 

said decipherment means deciphers the enciphered random 
number using said another corresponding one of 
said first single authentication key and said second 
single authentication key; 

said second encipherment means enciphers the deciphered 
random number using said another corresponding 
one of said first single authentication key and said 
second single authentication key; and 

said second decipherment means deciphers the enci- 
phered deciphered random number using said corre- 
sponding one of said first single authentication key and 
said second single authentication key. 

12. An authentication system according to claim 10, 
wherein: 

the one of said first device and said second device receives 
from the another device of said first device and said 
25 second device a device identification number specific to 
the another device of said first device and said second 
device, 

the another of said first device and said second device 
stores said device identification number in a corresponding 
one of said first memory means and said 
second memory means, and 
said first generation means and said second generation 
means use said device identification number for generating 
a respective one of said first single authentication 
key and said second single authentication key. 

13. An authentication system according to claim 10, 
wherein: 

said first memory means further stores a first verification 
value; 

said second memory means further stores a second verification 
value having a value equivalent to said first 
verification value; 
said first generation means further generates a replacement 
key and a verification key, wherein said replace- 
ment key corresponds to one of said first plurality of 
keys that is to be replaced, and wherein said replace- 
ment key, said verification key and said first verification 
value are related; 

said first device further comprises said encipherment 
means, wherein said encipherment means further enci- 
phers first data and second data using said one of said 
first plurality of keys that is to be replaced, wherein said 
first data corresponds to said replacement key and said 
second data corresponds to said verification key; 

said first communication means further communicates the 
enciphered first data and the enciphered second data 
with said second device; 
said second device further comprises said decipherment 
means, wherein said decipherment means further deciphers 
the enciphered first data and the enciphered 
second data using a corresponding one of said second 
plurality of keys and in accordance therewith generates 
a deciphered replacement key and a deciphered verification 
key; and 

said second device further comprises control means for 
verifying that said deciphered replacement key, said 
deciphered verification key, and said second verification 
value are related, and in accordance therewith 
replacing said corresponding one of said second plu- 
rality of keys with said deciphered replacement key. 

14. An authentication method for performing authentica- 
tion processing between a first device and a second device, 

the method in said first device comprising: 

a first memory step of storing a first authentication key, 
a first common data and a first plurality of keys, 
wherein each of said first plurality of keys corre- 
sponds to said first common data combined with a 
respective one of a second plurality of keys; 

a first generation step generating a first single authen- 
tication key from said first authentication key and a 
corresponding one of said first plurality of keys; 

a first information step of notifying information 
required for said second device to generate a second 
single authentication key corresponding to said first 
single authentication key; and 

a first communication step of communicating said first 
single authentication key with said second device, 
and 

the method in said second device comprising: 

a second memory step of storing a plurality of data 
areas, said second plurality of keys and a second 
common data equivalent to said first common 
data, wherein each of said second plurality of keys 
indicates access to a corresponding one of said 
plurality of data areas; 
a second generation step of generating said second 
single authentication key from the notified 
information, two or more of said second plurality 
of keys, and said common data; and 
a second communication step of communicating said 
second single authentication key with said first 
device, and 

wherein one of said first device and said second 
device further performs an encipherment step of 
enciphering data using a corresponding one of said 
first single authentication key and said second 
single authentication key, and 

wherein another of said first device and said second 
device further performs a decipherment step of 
deciphering the data enciphered in said encipher- 
ment step using another corresponding one of said 
first single authentication key and said second 
single authentication key. 

15. An authentication device for performing authentica- 
tion processing with a second device comprising: 

memory means for storing a first authentication key, a first 
common data and a first plurality of keys, wherein each 
of said first plurality of keys corresponds to said first 
common data combined with a respective one of a 
second plurality of keys; 

generation means for generating a first single authentica- 
tion key from said first authentication key and a cor- 
responding one of said first plurality of keys; 

notification means for notifying information required for 
said second device to generate a second single authen- 
tication key corresponding to said first single authen- 
tication key; 

communication means for communicating said first single 
authentication key with said second device; and 

encipherment means for enciphering data using said first 
single authentication key. 

16. An authentication device according to claim 15, 
wherein said generation means uses a device identification 
number specific to said second device for generating said 
first single authentication key. 

17. An authentication device according to claim 15, 
wherein: 

said memory means further stores a first verification 
value; 

said generation means further generates a replacement 
key and a verification key, wherein said replacement 
key corresponds to one of said first plurality of keys 
that is to be replaced, and wherein said replacement 
key, said verification key and said first verification 
value are related; 

said encipherment means further enciphers first data and 
second data using said one of said first plurality of keys 
that is to be replaced, wherein said first data corre- 
sponds to said replacement key and said second data 
corresponds to said verification key; and 

said communications means further communicates the 
enciphered first data and the enciphered second data 
with said second device. 

18. An authentication method for performing authentica- 
tion processing with a second device, the method compris- 
ing: 

a memory step of storing a first authentication key, a first 
common data and a first plurality of keys, wherein each 
of said first plurality of keys corresponds to said first 
common data combined with a respective one of a 
second plurality of keys; 

a generation step of generating a first single authentication 
key from said first authentication key and a correspond- 
ing one of said first plurality of keys; 

a notification step of notifying information required for 
said second device to generate a second single authen- 
tication key corresponding to said first single authen- 
tication key; 

a communication step of communicating said first single 
authentication key with said second device; and 

an encipherment step of enciphering data using said first 
single authentication key. 

19. An authentication device for performing authentica- 
tion processing with a second device, said authentication 
device comprising: 

memory means for storing a plurality of data areas, a 
plurality of keys and common data, wherein each of 
said plurality of keys indicates access to a correspond- 
ing one of said plurality of data areas; 

generation means for generating a first single authentica- 
tion key from two or more of the plurality of keys and 
said common data, in accordance with information 
received from said second device, wherein said first 
single authentication key indicates access to two or 
more corresponding of said plurality of data areas; 

communication means for communicating said first single 
authentication key with said second device; and 

decipherment means for deciphering data using said first 
single authentication key, wherein said data was enci- 
phered by said second device. 

20. An authentication device according to claim 19, 
wherein said generation means uses a device identification 
number specific to said authentication device in addition to 
the information received from said second device. 

21. An authentication device according to claim 19, 
wherein: 

said memory means further stores a verification value; 
said decipherment means further deciphers an enciphered 
first data and an enciphered second data received from 
said second device using a corresponding one of said 
plurality of keys and said common data, and in accor- 
dance therewith generates a deciphered replacement 
key and a deciphered verification key; and 
said authentication device further comprises control 
means for verifying that said deciphered replacement 
key, said deciphered verification key, and said verifi- 
cation value are related, and in accordance therewith 
replacing said corresponding one of said plurality of 
keys with said deciphered replacement key. 

22. An authentication method for performing authentica- 
tion processing with a second device, the method compris- 
ing: 

a memory step of storing a plurality of data areas, a 
plurality of keys and common data, wherein each of 
said plurality of keys indicates access to a corresponding 
one of said plurality of data areas; 

a generation step of generating a first single authentication 
key from two or more of the plurality of keys and 
said common data, in accordance with information 
received from said second device, wherein said first 
single authentication key indicates access to two or 
more corresponding of said plurality of data areas; 

a communication step of communicating said first single 
authentication key with said second device; and 

a decipherment step of deciphering data using said first 
single authentication key, wherein said data was enci- 
phered by said second device. 
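
The exchange recited in claims 5 to 9 (the reader/writer notifies the areas and a random number, the card folds the matching keys into a single authentication key and enciphers the number, the reader/writer deciphers and compares), as an added example that is not part of the patent. The claims name no cipher or combining function, so the HMAC-based key folding and the four-round Feistel cipher below are assumptions standing in for them, and every name and key value is constructed.

```python
import hashlib
import hmac
import secrets

def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    # Feistel round function (assumed stand-in; the claims name no cipher).
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encipher(key: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for rnd in range(4):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right

def decipher(key: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right

def single_auth_key(keys: dict, areas: list) -> bytes:
    # Fold the keys of the notified areas, in ascending area order, into one key.
    if len(set(areas)) < 2:
        raise ValueError("the claims combine two or more keys")
    acc = b"\x00" * 16
    for area in sorted(set(areas)):
        acc = hmac.new(keys[area], acc, hashlib.sha256).digest()[:16]
    return acc

class Card:
    # Device of claims 8 and 9: one key per data area.
    def __init__(self, keys: dict):
        self.keys = keys

    def respond(self, areas: list, challenge: bytes) -> bytes:
        # Generate the single key from the notified areas, then encipher.
        return encipher(single_auth_key(self.keys, areas), challenge)

class ReaderWriter:
    # Device of claims 5 to 7: holds keys equivalent to the card's.
    def __init__(self, keys: dict):
        self.keys = keys

    def authenticate(self, card: Card, areas: list) -> bool:
        challenge = secrets.token_bytes(16)      # claim 6: a random number
        reply = card.respond(areas, challenge)   # one exchange for all areas
        key = single_auth_key(self.keys, areas)
        return hmac.compare_digest(decipher(key, reply), challenge)

# Constructed sample keys for areas 1 to 4 (not from the patent).
KEYS = {n: hashlib.sha256(b"constructed-area-key-%d" % n).digest()[:16]
        for n in (1, 2, 3, 4)}
```

A card holding a wrong key for any one requested area fails the single exchange, while the same card still authenticates for a set of areas that excludes that key.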